summaryrefslogtreecommitdiffstats
path: root/ipalib
Commit message (Collapse)AuthorAgeFilesLines
* Create default disabled sudo bind userJr Aquino2011-02-231-1/+14
| | | | | | | | Read access is denied to the sudo container for unauthenticated users. This shared user can be used to provide authenticated access to the sudo information. https://fedorahosted.org/freeipa/ticket/998
* Fix typo, add example for when user krbtpolicy takes effect.Rob Crittenden2011-02-231-2/+2
| | | | ticket 594
* Make permission and privilege help text clearerRob Crittenden2011-02-232-8/+18
| | | | ticket 996
* Net group to NetgroupAdam Young2011-02-221-1/+1
|
* I18n update for dialog box buttons.Endi S. Dewata2011-02-221-5/+10
| | | | https://fedorahosted.org/freeipa/ticket/899
* Set hard limit on number of commands in batch request to 256.Rob Crittenden2011-02-222-0/+19
| | | | ticket 984
* Validate NAPTR recordsJakub Hrozek2011-02-221-0/+26
| | | | https://fedorahosted.org/freeipa/ticket/840
* Fixed error message for invalid Kerberos ticket.Endi S. Dewata2011-02-211-6/+7
| | | | https://fedorahosted.org/freeipa/ticket/490
* Add handling for indirect memberof other entries.Rob Crittenden2011-02-217-7/+31
| | | | | | | | | | | | | | | This creates a new custom attribute, memberofindirect_[plugin]. Using this you can tell the difference between being an actual memberof another entry and being a memberof as the result if inheritence. This is particularly useful when trying to remove members of an entry, you can only remove direct members. I had to add a couple of short sleep calls to make things work a little better. The memberof plugin runs as a postop and we have no way of knowing when it has done its work. If we don't pause we may show some stale data that memberof hasn't updated yet. .3 seconds is an arbitrary choice. ticket 966
* Better doc for idnssoaminimumJakub Hrozek2011-02-181-1/+7
|
* Cleanup for netgroup search https://fedorahosted.org/freeipa/ticket/963Jr Aquino2011-02-181-4/+6
|
* Updated json_metadata and i18n_messages.Endi S. Dewata2011-02-185-21/+293
| | | | | | The json_metadata() has been updated to return ipa.Objects and ipa.Methods. The i18n_messages() has been updated to include other messages that are not available from the metadata.
* Fixed parameter for user city.Endi S. Dewata2011-02-181-2/+2
| | | | | | | Previously the user's city parameter is defined to use the 'locality' attribute. This was a problem because the attribute would be returned as 'l' by the directory server causing a mismatch. Now the parameter has been changed to use the 'l' attribute.
* Special handling for nsaccountlock attribute in user.Rob Crittenden2011-02-171-0/+8
| | | | | | | | nsaccountlock doesn't have a visible Param but we want do so some basic validation to be sure garbage doesn't get in there so do it in the pre_callback of add and mod. ticket 968
* Validate that the reverse DNS record is correctJan Zeleny2011-02-171-0/+16
| | | | | | | This patch ensures that PTR records added by FreeIPA are compliant with RFC. https://fedorahosted.org/freeipa/ticket/839
* Document the --rights output formatJan Zeleny2011-02-171-2/+2
| | | | | https://fedorahosted.org/freeipa/ticket/563 https://fedorahosted.org/freeipa/ticket/588
* Fixed user-add helpJan Zeleny2011-02-171-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/735
* Don't allow host cn to be changed (it isn't used anyway).Rob Crittenden2011-02-161-0/+2
| | | | | | | We are required by LDAP schema to have a cn value. Don't let users change it thinking they are actually doing something. tickets 706 and 707
* Service/Host disable command output clarificationMartin Kosek2011-02-162-6/+6
| | | | | | | | | | | | | | When a service/host is disabled, the resulting summary message states that a Kerberos key was disabled. However, Kerberos key may not have been enabled before this command at all, which makes this information confusing for some users. Also, the summary message didn't state that an SSL certificate was disabled too. This patch rather changes the summary message to a standard phrase known from other plugins disable command and states all disable command steps in a respective command help. https://fedorahosted.org/freeipa/ticket/872
* Validate and convert certificate SNJakub Hrozek2011-02-161-0/+28
| | | | | | | | | | | | | The cert plugin only worked OK with decimal certificate serial numbers. This patch allows specifying the serial number in hexadecimal, too. The conversion now works such that: * with no explicit radix, a best-effort conversion is done using int(str, 0) in python. If the format is ambiguous, decimal takes precedence. * a hexadecimal radix can be specified explicitly with the traditional 0x prefix https://fedorahosted.org/freeipa/ticket/958 https://fedorahosted.org/freeipa/ticket/953
* 17-2 Managed netgroups should be invisible ↵Jr Aquino2011-02-161-0/+18
| | | | https://fedorahosted.org/freeipa/ticket/963
* HBAC plugin inconsistent outputMartin Kosek2011-02-163-19/+42
| | | | | | | | This patch adds a proper summary text to HBAC command which is then printed out in CLI. Now, HBAC plugin output is consistent with other plugins. https://fedorahosted.org/freeipa/ticket/596
* Validate MX recordsJakub Hrozek2011-02-161-0/+20
| | | | https://fedorahosted.org/freeipa/ticket/967
* Fix typo in rewording of help for the user module.Rob Crittenden2011-02-161-4/+4
| | | | I was too quick on the patch push and didn't see a nack on the wording.
* Reword help for the user moduleJan Zeleny2011-02-161-0/+3
| | | | https://fedorahosted.org/freeipa/ticket/351
* Fixed association facets.Endi S. Dewata2011-02-151-0/+3
| | | | | | | | The association config has been removed because it incorrectly assumes there is only one association between two entities. Now each association is defined separately using association facets. The service.py has been modified to specify the correct relationships. The API.txt has been updated. https://fedorahosted.org/freeipa/ticket/960
* Fix service validator, ensure the service isn't blank.Rob Crittenden2011-02-151-0/+4
| | | | ticket 961
* Add group members to default output of sudorule-showJan Zeleny2011-02-151-0/+4
| | | | https://fedorahosted.org/freeipa/ticket/915
* Fix setattr mail bug in user plugin.Pavel Zuna2011-02-151-0/+2
| | | | | The email normalizer expects a list or tuple, but when using setattr it gets a string and interates on it as if it was a list/tuple.
* A privilege cannot be a member of a permission, remove it from metadataRob Crittenden2011-02-151-3/+1
| | | | ticket 970
* The --out option wasn't working at all with cert-show.Rob Crittenden2011-02-142-4/+13
| | | | | | | | Also fix some related problems in write_certificate(), handle either a DER or base64-formatted incoming certificate and don't explode if the filename is None. ticket 954
* Add missing import for netaddrRob Crittenden2011-02-141-0/+1
| | | | ticket 964
* Remove obsolete record types from DNSJakub Hrozek2011-02-141-4/+4
| | | | https://fedorahosted.org/freeipa/ticket/923
* A mod command should not be able to remove a required attribute.Rob Crittenden2011-02-141-0/+9
| | | | | | | | | | | | Some attribute enforcement is done by schema, others should be done by the required option in a Parameter. description, for example, is required by many plugins but not the schema. We need to enforce in the framework that required options are provided. After all the setattr/addattr work is done run through the modifications and ensure that no required values will be removed. ticket 852
* Changed dns permission typesJan Zeleny2011-02-142-3/+3
| | | | | | | | Recent change of DNS module to version caused that dns object type was replaced by dnszone and dnsrecord. This patch corrects dns types in permissions class. https://fedorahosted.org/freeipa/ticket/646
* Fixed type of argument in class helpJan Zeleny2011-02-141-1/+1
|
* Support of user default email domainMartin Kosek2011-02-141-0/+24
| | | | | | | | | | | | | This patch fixes the default domain functionality for user email(s). This setting may be configured via: ipa config-mod --emaildomain=example.com Then, when user is added/modified and --mail option is passed, the default domain is appended if the passed attribute does not contain another domain already. https://fedorahosted.org/freeipa/ticket/598
* Add default success/failure output logging.Rob Crittenden2011-02-145-9/+12
| | | | | | | | | | Request logging on the server only happened if you added verbose=True or debug=True to the IPA config file. We should log the basics at least: who, what, result. Move a lot of entries from info to debug logging as well. Related to ticket 873
* Fix checking for arguments in DNS pluginsJakub Hrozek2011-02-141-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/956
* Convert json strings to unicode when they are unmarshalled.Rob Crittenden2011-02-111-27/+1
| | | | | | | | | This patch removes some individual work-arounds of converting strings to unicode, they only masked the problem. String values are not passed to the validator or normalizers so things like adding the realm automatically to services weren't happening. ticket 941
* Provide a way to display CLI-LDAP relationJan Zeleny2011-02-101-1/+26
| | | | | | | | | | | Since some LDAP attributes have their cli_name value defined, so they can be more user friendly, it can be difficult for user to find out which attributes do the parameteres given to CLI really represent. This patch provides new command, which will take another IPA command as and argument and display attributes which given command takes and what LDAP attributes are they mapped to. https://fedorahosted.org/freeipa/ticket/447
* Fix test failures caused by the performance patch.Rob Crittenden2011-02-102-8/+19
| | | | | | It isn't safe to assume there is an environment or mode in any given object. Only skip the extra work if the object explicitly has production in it.
* Remove certificate as service a search option.Rob Crittenden2011-02-101-0/+1
| | | | ticket 912
* Display error messages for failed manageby in service-add/remove-host.Pavel Zuna2011-02-102-4/+3
| | | | Fix #830
* Add the entitlement API to API.txtRob Crittenden2011-02-101-5/+6
| | | | | | | It was missed because the whole module was skipped if python-rhsm wasn't loaded. ticket 919
* Update krbtpolicy doc to inform that restarting krb5kdc might be needed.Pavel Zuna2011-02-101-0/+19
| | | | Fix #844
* Update config doc to reflect that 0 is not allowed for search time limit.Pavel Zuna2011-02-101-2/+2
| | | | Fix #837
* Set minimum for Kerberos policy max life and max renew.Pavel Zuna2011-02-101-0/+2
| | | | Fix #847
* Fix of a small typoJan Zeleny2011-02-101-1/+1
|
* Inconsistent error message for ipa group-detachMartin Kosek2011-02-031-1/+4
| | | | | | | | When attempting to detach a private group that doesn't exist, the error message returned is not consistent with the error returned by the other topic commands. This patch adds a standard message. https://fedorahosted.org/freeipa/ticket/291
generated by cgit (git 2.34.1) at 2025-02-27 11:52:26 +0000